The present invention relates to a method and a system for authenticating communication terminals, such as personal computers, mobile phones and on-vehicle navigation terminals, which are required to establish connections with a server system when receiving various types of services from the server system via communication means.
In recent years, communication terminals, such as personal computers (PCs) with communication capability, have frequently been used in information-service network communication systems that require each communication terminal to be authenticated. A typical system of this kind uses a communication terminal that is capable of operating SSL (Secure Sockets Layer), a technique for encrypting documents to be transferred in forms. A server system incorporated in such a system receives user-identifying information, such as a password, from the communication terminal through communication means such as the Internet, and authenticates the communication terminal (i.e., the user who handles the communication terminal). Only when the authentication yields an affirmative result is the server system permitted to provide the communication terminal with the data requested by the user (i.e., data service).
The foregoing conventional authentication technique is directed to communication terminals that are compatible with SSL. As long as such a type of communication terminal can be used, it is considered that there will be almost no security problem. However, if a communication terminal with a smaller data storage capacity is used, or a communication terminal that is not compatible with SSL is subjected to authentication, there is a possibility that user-identifying information such as a password will be leaked. If that happens, serious problems, including unauthorized access, may occur.